Alumnus Reports on Advances in Encryption for the Cloud

May 22, 2015
Tom Risten

"Data Encryption in the Cloud: Square Pegs in Round Holes" is the title of a guest article by CSE alumnus Tom Ristenpart (PhD '10), on Information Week's DARK Reading information security website. In it, the computer science professor from the University of Wisconsin reports that conventional encryption is a surefire solution for protecting sensitive data -- except when it breaks cloud applications. The solution, he offers, is something called 'format-preserving encryption.' Ristenpart's research spans a broad range of computer security topics, focusing primarily on threats to cloud computing, as well as topics in applied and theoretical cryptography.

In his May 21 article for DARK Reading, Ristenpart argues that encryption can secure data in case of a data breach in the enterprise. However, "the bad news is that traditional encryption techniques can also pose limitations to the functionality of cloud applications," says the alumnus. "I call this the 'square pegs-round-holes' problem." This is because every type of sensitive data comes with its own format. "Not only do credit card numbers have to be 16-digit strings, but salaries must be positive integer numbers, emails must be alphanumeric strings with an ‘@’ character, a domain name, and a TLD like ‘.com’, and so much more," Ristenpart writes in the article. "So it’s not just that square pegs must fit into round holes, but also stars, triangles, pentagons, rhombuses, and so on."

While he is not the first expert to talk about format-preserving encryption (FPE), the CSE alumnus and colleagues have come up with encryption algorithms that are not only secure, but also solve the key usability issue of making it easy to specify a peg size. "Creating a new encryption engine is something that any developer can do seamlessly," explains Ristenpart. "This allows them to quickly adapt to the particulars of different cloud services... It's gratifying to see emerging security technologies bring these types of academic breakthroughs to the cloud security market," Ristenpart added. "The intention is that with more functional encryption capabilities, companies will be able to enable cloud services for a wider range of use cases."

Read Tom Ristenpart's full article on data encryption in the cloud.